Secunia Vulnerability Coordination Reward Program (SVCRP)
Posted on Friday, November 04, 2011 by Tenderfoot
SVCRP (Secunia Vulnerability Coordination Reward Program) is a reward incentive offered by Secunia to researchers, who have discovered a vulnerability and would like a third party to confirm their findings and handle the coordination process with the vendor on their behalf.
All classes of vulnerabilities in most products are applicable for SVCRP as long as the following basic criteria are met:
Most Valued Contributor: This is a yearly prize awarded to the researcher, who based on Secunia Research's judgement has been consistently coordinating correct, clearly detailed vulnerability reports that have been quick and easy to confirm.
Most Interesting Coordination Report: This is a yearly prize awarded to the researcher, who based on Secunia Research's judgement has been coordinating the most interesting vulnerability (criteria considered are e.g. complexity, impact, affected product, level of detail in provided vulnerability report).
The current list of qualifying conferences are:
If you would like to report a vulnerability to Secunia via SVCRP then please send a vulnerability report prefixed with "[SVCRP]" in the subject to vuln@secunia.com. The report should contain details on the affected product/version and PoC or detailed steps to trigger the vulnerability to ensure that Secunia Research can reproduce your findings.
Source :- http://secunia.com/community/research/svcrp
All classes of vulnerabilities in most products are applicable for SVCRP as long as the following basic criteria are met:
- The vulnerability affects a stable product.
- The vulnerability affects the latest version of the product.
- The product is actively supported by the vendor.
- The vulnerability is not already publicly known.
- Secunia Research is able to confirm the reported vulnerability.
Most Valued Contributor: This is a yearly prize awarded to the researcher, who based on Secunia Research's judgement has been consistently coordinating correct, clearly detailed vulnerability reports that have been quick and easy to confirm.
Most Interesting Coordination Report: This is a yearly prize awarded to the researcher, who based on Secunia Research's judgement has been coordinating the most interesting vulnerability (criteria considered are e.g. complexity, impact, affected product, level of detail in provided vulnerability report).
The current list of qualifying conferences are:
- Black Hat
- Defcon
- CanSecWest
- RECON
If you would like to report a vulnerability to Secunia via SVCRP then please send a vulnerability report prefixed with "[SVCRP]" in the subject to vuln@secunia.com. The report should contain details on the affected product/version and PoC or detailed steps to trigger the vulnerability to ensure that Secunia Research can reproduce your findings.
Source :- http://secunia.com/community/research/svcrp
Subscribe to:
Post Comments (Atom)
No Response to "Secunia Vulnerability Coordination Reward Program (SVCRP)"
Leave A Reply